Assigning user requests of different types or protocols to a user by trust association interceptors

摘要

A Universal TAI handles multiple identifications by means of an internal lookup table. When authenticating and authorizing requests, from a pre-registered customer, that are serviced by an application server, a reverse proxy security server receives requests of different protocols and associates user identification information of a single user with different formats based on the types and protocols of the requests. The Universal TAI determines a fundamental identification of the user from a lookup table, substitutes the fundamental identification into the requests of different protocols for the same user principal, and passes the request with the fundamental identification to the application server.

主权项

1. A computer-implemented method for authenticating and authorizing requests from a user that are serviced by an application server, comprising:
receiving at different times in a reverse proxy security server a first request in accordance with a first communications protocol and a second request in accordance with a second communications protocol that is different than the first communications protocol, both protocols being received in association with a same end user; creating, by the reverse proxy security server in response to receiving the first request, a modified form of the first request by retrieving user identification information for the end user, modifying the first request to include the user identification information formatted in accordance with the first communications protocol, and dispatching the modified form of the first request to an application server in which a universal trust association interceptor executes; creating, by the reverse proxy security server in response to receiving the second request, a modified form of the second request by retrieving the user identification information for the end user, modifying the second request to include the user identification information formatted in accordance with the second communications protocol, and dispatching the modified second request to the application server; and, responding a receipt of the first request in the universal trust association interceptor, by looking up in a lookup table a fundamental identification corresponding both to the user identification information in the first communications protocol, and also the first communications protocol, substituting in the first request the fundamental user identification for the user identification information to create a first fundamental identification request, and passing the first fundamental identification request to the application server, but responding to a receipt of the second request in the universal trust association interceptor, by looking up in the lookup table the fundamental identification corresponding both to the user identification information in the second communications protocol and also the second protocol, substituting in the second request the fundamental user identification for the user identification information to create a second fundamental identification request, and passing the second fundamental identification request to the application server.